There is a conventional carrier-grade NAT (CG NAT) technology that translates private IPv4 addresses into public (“white”) ones taken from a certain pool of public IPv4 addresses. This technology may be implemented in software, in hardware, or both.
When a packet passes from the provider's internal network into an external one, such as the Internet, the NAT translator starts a user session. At the same time, an entry is created in the user session table that contains the IP address and port in the internal network (internal address and port) and the matching external IP address and port into which the internal address and port have been translated. The packet is then sent to the Internet with its source IP address and port translated into the external ones.
When a reply is received from the Internet, the NAT translator looks up the corresponding user session, translates the external destination IP address and port into the internal ones, and then sends the reply to the internal network.
The number of available user sessions is limited by the memory that stores the user session table and by the speed of searching through that table. That is why it is desirable to clear unused user sessions, that is, to remove their entries from the table.
For User Datagram Protocol (UDP) packets, user sessions (translation table entries) are cleared only after the timer expires (see RFC 4787 “NAT Behavioral Requirements for Unicast UDP”, section 4.3). The recommended default timer value is 5 minutes (and it should not be less than 2 minutes). However, so-called well-known ports (UDP 0-1023) may have a shorter timeout. Shorter timers for certain ports are considered an optimization method.
An Application Level Gateway (ALG) for the CG NAT translator is a component that processes packets of a certain network protocol that pass through it.
When no ALG for DNS is used, user sessions created for DNS sessions are cleared only when the associated timer expires without new UDP packets arriving. Usually, the timer value is at least 2 minutes (5 minutes recommended).
Meanwhile, these DNS sessions occupy space in the user session table, limiting the number of available user sessions. Therefore, the user session resources are not used efficiently.
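The following simplified session table, added here as an illustration and not taken from the description above, shows the effect just described: a DNS query and reply open one entry, which without an ALG is held until the UDP timer is up, while an assumed DNS ALG releases the entry as soon as the matching reply passes. The 120-second timer for well-known ports, the addresses and the "release on DNS reply" ALG behaviour are assumptions for the example.

```python
DEFAULT_UDP_TIMEOUT = 300  # seconds; RFC 4787 recommended default (5 min)
WELL_KNOWN_TIMEOUT = 120   # shorter timer for UDP 0-1023; assumed value, not below 2 min

class NatTable:
    """Minimal CG NAT translator; the user session table is a dict keyed by external port."""
    def __init__(self, public_ip="203.0.113.1", dns_alg=False):
        self.public_ip, self.dns_alg = public_ip, dns_alg
        self.sessions = {}     # ext port -> {"internal", "external", "seen", "timeout"}
        self.next_port = 1024

    def outbound(self, src, dst, now):
        """Packet leaving the provider network: reuse the session for src or create one."""
        for s in self.sessions.values():
            if s["internal"] == src:
                s["seen"] = now
                return s["external"]
        timeout = WELL_KNOWN_TIMEOUT if dst[1] <= 1023 else DEFAULT_UDP_TIMEOUT
        ext = (self.public_ip, self.next_port)
        self.next_port += 1
        self.sessions[ext[1]] = {"internal": src, "external": ext, "seen": now, "timeout": timeout}
        return ext

    def inbound(self, src, dst, now):
        """Reply from the Internet: translate back to the internal address, or drop it."""
        s = self.sessions.get(dst[1])
        if s is None or dst[0] != self.public_ip:
            return None
        if self.dns_alg and src[1] == 53:
            del self.sessions[dst[1]]   # DNS ALG: the exchange is complete, free the entry now
        else:
            s["seen"] = now             # no ALG: the entry lives until its UDP timer is up
        return s["internal"]

    def expire(self, now):
        """Clear sessions whose timer is up and return the remaining table size."""
        for port in [p for p, s in self.sessions.items() if now - s["seen"] >= s["timeout"]]:
            del self.sessions[port]
        return len(self.sessions)

def occupancy_after_dns_query(dns_alg, later=60):
    """One DNS query and reply at t=0 (constructed traffic); entries still held `later` seconds on."""
    nat = NatTable(dns_alg=dns_alg)
    ext = nat.outbound(("10.0.0.5", 40000), ("198.51.100.53", 53), now=0)
    nat.inbound(("198.51.100.53", 53), ext, now=0.02)
    return nat.expire(later)
```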